November 27, 2014

Siemens patches critical SCADA flaws likely exploited in recent attacks
One of the vulnerabilities allows unauthenticated attackers to remotely execute arbitrary code on a Siemens SIMATIC WinCC SCADA server by sending specially crafted packets to it. The flaw received the maximum severity score of 10 in the Common Vulnerability Scoring System and can lead to a full system compromise.The other vulnerability can also be exploited by unauthenticated attackers by sending specially crafted packets, but to extract arbitrary files from the WinCC server. The flaw has a CVSS score of 7.8.

The Cloud in 2014 and Beyond
As we wrap up 2014, it’s time we took a look at some of the biggest cloud technologies that made an impact over the course of the year and thought about cloud predictions for 2015. I’m most likely not going to list all of the technologies that were big this year, so if you feel I missed something, feel free to add it in the comments section! That said, the concentration around the user and the information delivery model has allowed the modern data center and the cloud infrastructure in general to really evolve. We’re seeing new methods of optimization, cloud control and entirely new ways of controlling the user experience.

There’s an opportunity for tech in the EPA’s proposed smog rule
“It’s sparking new technology, which is increasingly important as we move forward,” McCarthy said about tightening the smog standard. “The good news is that California has become a birth place of innovative technology as a result and is providing a lot of opportunities across the U.S. to take advantage of their innovation.” California’s topography and large population, which leads to high electricity demand and puts lots of cars on the road, increases the production of smog and traps it, making it difficult to get rid of it. The state has put in stringent air quality standards over the past three decades to regulate emissions, but most residents still face smog levels that pose health risks, said the California Air Resources Board.

A Comparison of IT Governance and Control Frameworks in Cloud Computing
Providing the appropriate level and type of IT governance and controls in a cloud computing environment is a new challenge facing many CIOs and their organizations. While there are many commonalities among these frameworks, the authors identify the key components of each model as they relate specifically to the cloud computing environment. Governance in the cloud requires defining policies and implementing an organizational structure with well-defined roles for the responsibility of information technology management, business processes, and applications. Best practice IT governance considerations proffered by Weill and Ross, ITGI, and others are then included into our cloud framework.

A new way to map technology disruptions
For every innovation there are two challenges: It must be made, and it must be accepted. The first challenge is all about engineering and technology, the second one is all about mind and design. And both of them do not just consist of make-or-break leaps, but are continuous processes – on the way to the breakthrough, and beyond. Cisco and GDI Gottlieb Duttweiler Institute have found an innovative (sic!) way ( to show for some of the most promising technological disruptions to date, how far they have come in these processes; and how far they still have to go to reach the mind shift, and the technology shift needed to become part of our lives.

With Apple's Watch looming, is it time firms faced up to wearable security?
"Sooner or later, almost everybody will have these devices and if we haven't talked about these implications, if we haven't thought about it, it will be too late," Trend Micro CTO Raimund Genes told a London roundtable event this week. "We saw this with bring your own device, which for a few companies has been bring your own disaster. We saw it with the internet. The internet was never designed with safety in mind, and when I look at all the new battery-optimised communications protocols, nobody has designed in any security." Communications over battery-optimised communication technologies, such as Bluetooth Low Energy (BLE) and ZigBee, are not visible by monitoring IP network traffic.

Dealing with disruption in the digital business
The question that needs to be answered is, "What is fluidic about digital disruptions, and why does that change the ways that change happens?" The answer is that digital business is based on the manipulation of digital representations of virtual or physical assets, channels and capabilities. Because they are in digital form, they are easier, and often faster, to manipulate. The possibilities are limited only by the imagination. And these assets, channels and capabilities can be used in a wider variety of ways than their analog counterparts. As a result, change in the digital age is happening at such a high frequency, often in unexpected ways, that it seems like a stream of interconnected disruptions that are difficult to identify, let alone react to.

Building Relationships Between Agile Teams and Stakeholders
Our evolutionary wiring predisposes us to being social. Social connection is a fundamental need, as is food, water and shelter. When we are born, we must be connected to someone who can give us nourishment and shelter. And, we have evolved so that fundamental needs cause pain (such as, hunger and thirst) forcing us to seek relief. Social disconnection activates the brain’s pain circuitry and causes ”social pain” – which in our brains is the same as experiencing physical pain. The research also shows that we are able to keep track of our social interactions because we have a larger, more developed cortex than any other animals. Our brains have evolved to support social connection.

Intel roadmap update: Skylake on track for 2015, will debut alongside Broadwell-K
According to WCCFTech, Intel will also launch new desktop parts next year, with a Core i7 5000 unlocked CPU (Broadwell-K) and a second set of desktop SKUs dubbed the Core i7-6000 family, or Skylake-S. Broadwell-K is reportedly compatible with the Z97 family of chipsets that are already shipping, while Skylake-S will require a new motherboard. Broadwell is the 14nm refresh of Haswell, with a die shrink and a handful of minor improvements to the CPU, but not much more. Skylake, in contrast, is the full architecture refresh — so what are its (rumored) features?

Ensuring SDN and NFV Performance for a Future-Proof Network
Analysis is not reliable unless all network information is captured and collected by
network appliances. Network appliances receive data either from a Switched Port Analyzer (SPAN) port on a switch or router that replicates all traffic, or from passive taps that provide a copy of network traffic. They then need to precisely time stamp each Ethernet frame to allow accurate determination of events and latency measurements for quality of experience assurance. Network appliances also recognize the encapsulated protocols, as well as determine flows of traffic that are associated with the same senders and receivers.

API Security Testing – How to Hack an API and Get Away with It (Part 3 of 3)
Testing for insufficient SSL configurations is straightforward – make sure your tests accept only valid certificates. Taking an extra precaution for MITM attacks is also advisable – for example by adding signatures to a message, which makes it impossible (well, almost) for a eavesdropper to modify messages on the wire, even if they manage to insert themselves in the communication pipeline. Testing with signatures, that they are enforced, correctly validated, etc. – is equally possible.

Quote for the day:

“It always seems impossible until it's done.” -- Nelson Mandela